Issued:
2015-12-01
Updated:
2015-12-01

RHSA-2015:2537 - Critical: Red Hat JBoss Portal 6.2.0 commons-collections security update

Synopsis

Critical: Red Hat JBoss Portal 6.2.0 commons-collections security update

Type/Severity

Security Advisory Critical

Topic

An updated package for the apache commons-collections library, fixing one security issue, is now available for Red Hat JBoss Portal 6.2.0 from the Red Hat Customer Portal.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Description

Red Hat JBoss Portal is the open source implementation of the Java EE suite of services and Portal services running atop Red Hat JBoss Enterprise Application Platform.

It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. (CVE-2015-7501)

Further information about this security flaw can be found at: https://access.redhat.com/solutions/2045023

All users of Red Hat JBoss Portal 6.2.0 as provided from the Red Hat Customer Portal are advised to install this security patch.

Solution

The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up all applications deployed on JBoss Enterprise Portal Platform, along with all databases, database settings, and customized configuration files.

Affected Products

ProductVersionArch
Red Hat JBoss MiddlewareText-Only Advisoriesx86_64

Fixes

CVEs

References

Additional information